Inactive Virus: System Check

Emerik

Hello. First off I would like to mention that I am new to this forum. But I encountered a virus called "System Check" yesterday, and saw on this forum that you might be of help. I should mention that I have tried a few other solutions to the problem, running for example Microsoft Security Essentials, which didn't find anything. I also ran Malwarebytes Anti-Malware, which found I think three threats, and now at least System Check does not keep popping up. However, I still have the problem that all files are hidden, etc., so I think that it is still lurking in the background. I hope my attempts at removing it haven't ruined my chances of getting rid of it.

I hope you can help me. Thank you in advance.
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================================================

Let's see if we can recover your missing features.
Download and run UnHide
Let me know if it worked.
 
Different language

Hi again, I will post the logs you requested soon, but first I should say that when I installed Malwarebytes I installed it in Swedish... therefore the logs are in Swedish too. Is this a problem?
 
Logs

Here are the logs! Thankful for your help. :)

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Databasversion: v2011.12.24.05

Windows 7 Service Pack 1 x64 NTFS (Felsäkert läge)
Internet Explorer 9.0.8112.16421
Administrator :: SR9EPGOY [administratör]

2012-01-08 21:14:09
mbam-log-2012-01-08 (21-14-09).txt

Skanningstyp: Snabbskanning
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 172401
Förfluten tid: 1 minut(er), 7 sekund(er)

Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 0
(Inga skadliga poster hittades)

Upptäckta registervärden: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|uEwKkQfYkoLVFj.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\uEwKkQfYkoLVFj.exe -> Sattes i karantän och togs bort.

Upptäckta registerdataposter: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Dåligt: (1) Bra: (0) -> Sattes i karantän och reparerades framgångsrikt.

Upptäckta mappar: 0
(Inga skadliga poster hittades)

Upptäckta filer: 1
C:\ProgramData\uEwKkQfYkoLVFj.exe (Rogue.FakeHDD) -> Sattes i karantän och togs bort.

(klar)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-10 16:05:08
Windows 6.1.7601 Service Pack 1
Running: 2vspwgjb.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52afe0241b
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52afe0241b@cc52afe02282 0x9A 0x6B 0x42 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52afe0241b@cc52afe02388 0x8A 0x8D 0x2A 0x40 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52afe0241b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52afe0241b@cc52afe02282 0x9A 0x6B 0x42 0x1B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52afe0241b@cc52afe02388 0x8A 0x8D 0x2A 0x40 ...

---- EOF - GMER 1.0.15 ----

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume2
Install Date: 2011-08-08 15:07:30
System Uptime: 2012-01-10 13:59:21 (3 hours ago)
.
Motherboard: LENOVO | | 4298RR3
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU | 798/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 239,45 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 2012-01-09 16:16:22 - Windows Backup
RP4: 2012-01-10 10:17:43 - Windows Update
.
==== Installed Programs ======================
.
.
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Photoshop CS5.1
Adobe Reader 9.3.4
Age of Empires 2
µTorrent
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
COMODO GeekBuddy
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Facebook Video Calling 1.0.0.8953
Google Chrome
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Identity Protection Technology 1.0.74.0
Intel(R) Management Engine Components
Java Auto Updater
Java(TM) 6 Update 26
League of Legends
Lenovo Screen Reading Optimizer
Malwarebytes Anti-Malware version 1.60.0.1800
Mesh Runtime
Microsoft Office Access MUI (English) 2010
Microsoft Office Access MUI (Swedish) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel MUI (Swedish) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Groove MUI (Swedish) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office InfoPath MUI (Swedish) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OneNote MUI (Swedish) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Outlook MUI (Swedish) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (Swedish) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Finnish) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proof (Swedish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (Swedish) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Publisher MUI (Swedish) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (Swedish) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (Swedish) 2010
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mobile Partner
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
Pando Media Booster
PDF Settings CS5
PokerStars
RICOH_Media_Driver_v2.14.18.01
Security Update for Microsoft InfoPath 2010 (KB2510065)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Word 2010 (KB2345000)
Skype Click to Call
Skype™ 5.5
Spotify
StarCraft II
System Requirements Lab CYRI
System Update
TablEdit 2.71
ThinkPad Energispararen
ThinkPad Tablet Button Driver
ThinkPad Tablettmeny
ThinkPad UltraNav-guiden
ThinkPad Wireless LAN Adapter Software
ThinkVantage Access Connections
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPcap 4.1.2
VLC media player 1.1.2
Yawcam 0.3.6
Zatacka 0.1.7
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 16:07:55 on 2012-01-10
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.46.1033.18.3983.2230 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\ThinkPad\Tablettmeny\ASR\ASRSVC.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ThinkPad\Tablettmeny\TSMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\ThinkPad\Tablettmeny\TSMResident.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://home.vrg.se
uDefault_Page_URL = https://home.vrg.se
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TSMResident] "C:\Program Files (x86)\ThinkPad\Tablettmeny\TSMRESIDENT.EXE" /r
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SKRMUR~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CD6E82E3-2EB6-4DBC-B2EA-549B3A090076} : NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{CD6E82E3-2EB6-4DBC-B2EA-549B3A090076} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D98510C1-CB1C-4201-86A2-F5D8C678625D} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{E93545F4-C6D4-45E5-8938-9E2C64A6FFAC} : DhcpNameServer = 80.251.201.177 80.251.201.178
TCP: Interfaces\{FCC8F49D-FEFF-4E2B-B8AA-0A332256AFA6} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{FCC8F49D-FEFF-4E2B-B8AA-0A332256AFA6}\05F6E64757377516C6C696E63702960586F6E656 : DhcpNameServer = 195.54.122.211 195.54.122.221
TCP: Interfaces\{FCC8F49D-FEFF-4E2B-B8AA-0A332256AFA6}\2427F6977457274737F6E6 : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{FCC8F49D-FEFF-4E2B-B8AA-0A332256AFA6}\652574 : DhcpNameServer = 83.233.79.36 83.233.79.36
TCP: Interfaces\{FCC8F49D-FEFF-4E2B-B8AA-0A332256AFA6}\D416D6D6161212 : DhcpNameServer = 83.255.245.11 193.150.193.150
TCP: Interfaces\{FCC8F49D-FEFF-4E2B-B8AA-0A332256AFA6}\D4F62696C637572766 : DhcpNameServer = 83.233.79.36 83.233.79.36
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli ACGina C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [TSMResident] "C:\Program Files (x86)\ThinkPad\Tablettmeny\TSMRESIDENT.EXE" /r
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\44rgjj9n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - facebook.com
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Administrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ASRSVC;ASR Service;C:\Program Files (x86)\ThinkPad\Tablettmeny\ASR\ASRSVC.exe [2011-9-5 79136]
R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-7 210896]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-8-8 41320]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-7-5 45496]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-8-8 59240]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-7-5 93032]
R2 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-8-8 148840]
R2 risdxc;risdxc;C:\Windows\system32\DRIVERS\risdxc64.sys --> C:\Windows\system32\DRIVERS\risdxc64.sys [?]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SASrv.exe [2011-9-5 446592]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]
R2 SROSVC;Screen Reading Optimizer Service Program;C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-8-8 443240]
R2 TabletSVC;TABLET Service;C:\Program Files (x86)\ThinkPad\Tablettmeny\TSMService.exe [2011-9-5 83440]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-7-5 144232]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-7-5 64952]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-8 2656280]
R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft - nätverkskontroll;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-8-8 477032]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\system32\DRIVERS\ewusbdev.sys --> C:\Windows\system32\DRIVERS\ewusbdev.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2011-3-31 25584]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-8-8 83304]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2012-01-10 15:05:37 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B4CFAAFD-E7F6-43E2-AF5E-C9074FBDCFF8}\offreg.dll
2012-01-10 15:05:35 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B4CFAAFD-E7F6-43E2-AF5E-C9074FBDCFF8}\mpengine.dll
2012-01-08 20:13:44 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Malwarebytes
2012-01-08 20:13:23 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-08 20:11:27 -------- d-----w- C:\Program Files\CCleaner
2012-01-08 18:57:17 35 ----a-w- C:\Users\Administrator\AppData\Roaming\SetValue.bat
2012-01-08 18:57:17 1365 ---ha-w- C:\Users\Administrator\AppData\Roaming\GetValue.vbs
2012-01-08 18:57:10 2730 ----a-w- C:\Windows\SysWow64\tmp.reg
2011-12-25 13:12:18 -------- d--h--w- C:\Users\Administrator\HTC Legend filer
2011-12-25 12:32:01 -------- d--h--w- C:\Users\Administrator\HTC Hero filer
2011-12-24 13:48:13 -------- d--h--w- C:\Users\Administrator\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-12-15 02:04:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-15 02:01:39 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-15 02:01:36 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-15 02:01:35 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 02:00:47 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 02:00:47 2048 ----a-w- C:\Windows\System32\tzres.dll
.
==================== Find3M ====================
.
2011-11-21 13:53:46 414368 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-19 15:38:22 94080 ---ha-w- C:\Program Files (x86)\Install Lightroom 3.exe
.
============= FINISH: 16:16:15,45 ===============
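An added example, not from the thread or from Malwarebytes: a small Python parser for the detection lines in the Swedish MBAM 1.60 log above, answering the "logs are in Swedish" question in code. It maps the Swedish section headers and result strings to English (the translations are mine, not MBAM's own English strings), splits each hit into registry key, value name, data and action, and summarises what the two registry hits did (an autostart entry pointing into ProgramData, and the DisableTaskMgr policy). The sample lines are the three detections from the posted log.

```python
"""Parse Malwarebytes Anti-Malware 1.x detection lines from a Swedish log (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Sample input: the detection sections of the Swedish MBAM 1.60 log posted in the thread.
SAMPLE_LOG = r"""
Upptäckta registernycklar: 0
(Inga skadliga poster hittades)

Upptäckta registervärden: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|uEwKkQfYkoLVFj.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\uEwKkQfYkoLVFj.exe -> Sattes i karantän och togs bort.

Upptäckta registerdataposter: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Dåligt: (1) Bra: (0) -> Sattes i karantän och reparerades framgångsrikt.

Upptäckta filer: 1
C:\ProgramData\uEwKkQfYkoLVFj.exe (Rogue.FakeHDD) -> Sattes i karantän och togs bort.
"""

# Section headers printed by the Swedish build, mapped to an English kind.
SECTION_KINDS: Dict[str, str] = {
    "Upptäckta minnesprocesser": "memory process",
    "Upptäckta minnesmoduler": "memory module",
    "Upptäckta registernycklar": "registry key",
    "Upptäckta registervärden": "registry value",
    "Upptäckta registerdataposter": "registry data",
    "Upptäckta mappar": "folder",
    "Upptäckta filer": "file",
}

# Result strings printed by the Swedish build, translated to plain English (my wording).
ACTIONS: Dict[str, str] = {
    "Sattes i karantän och togs bort.": "Quarantined and deleted.",
    "Sattes i karantän och reparerades framgångsrikt.": "Quarantined and repaired successfully.",
}

# One detection line: <target> (<threat>) -> <detail> [-> <detail> ...] -> <action>
DETECTION_RE = re.compile(r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")


@dataclass
class Detection:
    kind: str        # English section kind, e.g. "registry value"
    threat: str      # MBAM threat name, e.g. Rogue.FakeHDD
    target: str      # "HKLM\...\Key|ValueName" or a file/folder path
    action: str      # what MBAM did, translated where the string is known
    details: List[str] = field(default_factory=list)

    @property
    def reg_key(self) -> Optional[str]:
        return self.target.split("|", 1)[0] if "|" in self.target else None

    @property
    def reg_value(self) -> Optional[str]:
        return self.target.split("|", 1)[1] if "|" in self.target else None

    @property
    def data(self) -> Optional[str]:
        """Registry-value hits carry the value's data as 'Data: <path>'."""
        for d in self.details:
            if d.startswith("Data: "):
                return d[len("Data: "):]
        return None


def parse_mbam_log(text: str) -> List[Detection]:
    """Track the current section header and collect every detection line under it."""
    found: List[Detection] = []
    kind = "unknown"
    for raw in text.splitlines():
        line = raw.strip()
        header = line.split(":", 1)[0]
        if header in SECTION_KINDS:
            kind = SECTION_KINDS[header]
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue  # blank lines, "(Inga skadliga poster hittades)", summary lines
        parts = m.group("rest").split(" -> ")
        found.append(Detection(kind, m.group("threat"), m.group("target"),
                               ACTIONS.get(parts[-1], parts[-1]), parts[:-1]))
    return found


def triage(dets: List[Detection]) -> List[str]:
    """Describe each hit in defender terms: autostart persistence, policy tamper, payload."""
    notes: List[str] = []
    for d in dets:
        key = (d.reg_key or "").lower()
        if key.endswith(r"\currentversion\run") and d.data:
            notes.append(f"autostart persistence: {d.reg_value} -> {d.data}")
        elif key.endswith(r"\policies\system") and d.reg_value == "DisableTaskMgr":
            notes.append("policy tamper: Task Manager disabled (DisableTaskMgr=1)")
        elif d.kind == "file":
            notes.append(f"dropped file: {d.target} [{d.threat}]")
        else:
            notes.append(f"{d.kind}: {d.target} [{d.threat}] -> {d.action}")
    return notes
```

Running `triage(parse_mbam_log(SAMPLE_LOG))` on the posted log yields one autostart entry, one policy tamper and one dropped file, all already quarantined, which is why the pop-ups stopped while the hidden-file symptom remained.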
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
I downloaded aswMBR to my desktop but when I try to start it, nothing happens. What should I do?
 
Sorry. I guess I didn't copy it properly the first time. Here it is, anyway

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Enterprise Edition Service Pack 1 (build 7601),
64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
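The two tools requested above both work from the raw master boot record: aswMBR saves a copy of it as MBR.dat, and Bootkit Remover reports "Controlled by rootkit!" when the boot code it sees does not look trustworthy. The following is an added example, not code from the thread, from aswMBR or from Esage Lab's tool, showing what such a check involves: parsing the 512-byte sector (boot code, disk signature, partition table, 0x55AA signature) and comparing a live read against a saved reference copy. Both sample MBRs are constructed here; the function names, the partition layout and the disk signature are assumptions for illustration only.

```python
"""Added example: parse a raw 512-byte MBR and diff a live read against a
saved copy (for instance aswMBR's MBR.dat). Not part of the original thread;
the sample MBRs below are constructed, not taken from the poster's disk."""
import hashlib
import struct
from typing import Dict, List

SECTOR = 512
BOOT_CODE_LEN = 440      # bootstrap code occupies bytes 0..439
DISK_SIG_OFF = 440       # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # 0x55 0xAA


def parse_mbr(mbr: bytes) -> Dict:
    """Split an MBR into its fields; raises ValueError on malformed input."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts: List[Dict] = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue  # empty slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": parts,
    }


def compare_mbr(live: bytes, saved: bytes) -> List[str]:
    """Return findings where a live MBR read disagrees with a trusted saved copy.
    A bootkit that patches the bootstrap code but keeps the partition table
    intact (so Windows still boots normally) shows up as a boot-code-only change."""
    a, b = parse_mbr(live), parse_mbr(saved)
    findings: List[str] = []
    if a["boot_code_sha256"] != b["boot_code_sha256"]:
        findings.append("boot code differs from saved copy")
    if a["disk_signature"] != b["disk_signature"]:
        findings.append("disk signature differs")
    if a["partitions"] != b["partitions"]:
        findings.append("partition table differs")
    bootable = [p for p in a["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} active partitions (expected 1)")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: one active NTFS partition starting at LBA 2048.
    The disk signature and layout are assumed values, not real data."""
    assert len(boot_code) <= BOOT_CODE_LEN
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0xDEADBEEF)
    # entry 0: bootable (0x80), type 0x07 (NTFS), LBA 2048, 204800 sectors
    struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF, 0x80, 0x07, 2048, 204800)
    mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xaa"
    return bytes(mbr)


# Constructed: a clean reference (stand-in for MBR.dat) and a live read whose
# bootstrap code has been replaced while the partition table was left untouched.
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 64)
TAMPERED_MBR = build_sample_mbr(b"\xea\x00\x7c\x00\x00" + b"\xcc" * 64)

if __name__ == "__main__":
    for line in compare_mbr(TAMPERED_MBR, CLEAN_MBR):
        print("finding:", line)
```

On a real Windows host the live sector is read with `open(r"\\.\PhysicalDrive0", "rb").read(512)` from an elevated prompt, and the saved side is the MBR.dat file. The caveat that matters here: a kernel-mode rootkit that filters disk I/O can hand a clean sector to any user-mode reader, so agreement between the two copies proves little when both were read on the infected system; a reference taken from outside the running OS (a boot disc, or the drive attached to another machine) is the stronger comparison.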
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

  • Double click on downloaded file to run it.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log (FRST.txt) on your desktop.
  • Please copy and paste it to your reply.
 
Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.2
Ran by Administrator at 2012-01-10 21:14:31
Running from C:\Users\Administrator\Downloads
Service Pack 1 (X64) OS Language: English(US)
Attention: Could not load system hive. Error: The file cannot be accessed because it is being used by another process.

========================== Registry (Whitelisted) =============

HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit]
HKLM\...\Winlogon: [Shell]
HKLM-x32\...\Winlogon: [Shell] [x x] ()

==================== Services (Whitelisted) ======


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-01-10 21:14 - 2012-01-10 21:15 - 0000000 ____D C:\FRST
2012-01-10 21:12 - 2012-01-10 21:12 - 1379209 ____A C:\Users\Administrator\Downloads\FRST64.exe
2012-01-10 20:37 - 2012-01-10 20:54 - 0057586 ____A C:\Users\Administrator\Desktop\bootkit_remover_debug_log.txt
2012-01-10 20:12 - 2012-01-10 20:12 - 4713472 ____A (AVAST Software) C:\Users\Administrator\Downloads\aswMBR.exe
2012-01-10 20:07 - 2011-09-20 03:02 - 0083968 ____A (Esage Lab) C:\Users\Administrator\Desktop\boot_cleaner.exe
2012-01-10 16:05 - 2012-01-10 16:05 - 0000919 ____A C:\Users\Administrator\Desktop\gmer.log
2012-01-10 15:23 - 2012-01-10 15:23 - 0607260 ____R (Swearware) C:\Users\Administrator\Desktop\dds.scr
2012-01-10 15:23 - 2012-01-10 15:23 - 0302592 ____A C:\Users\Administrator\Desktop\2vspwgjb.exe
2012-01-10 12:21 - 2012-01-10 12:21 - 0013097 ____A C:\Users\Administrator\Documents\Europeiska Unionen diverse.docx
2012-01-08 22:28 - 2012-01-08 22:29 - 0093782 ____A C:\Windows\ntbtlog.txt
2012-01-08 21:18 - 2012-01-10 19:43 - 0230157 ____A C:\Windows\WindowsUpdate.log
2012-01-08 21:16 - 2012-01-10 13:52 - 0000392 ____A C:\Windows\setupact.log
2012-01-08 21:16 - 2012-01-08 21:16 - 0000790 ____A C:\Windows\PFRO.log
2012-01-08 21:16 - 2012-01-08 21:16 - 0000000 ____A C:\Windows\setuperr.log
2012-01-08 21:13 - 2012-01-09 23:14 - 0000000 ____D C:\Users\Administrator\Desktop\Malwarebytes' Anti-Malware
2012-01-08 21:13 - 2012-01-08 21:13 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-01-08 21:13 - 2012-01-08 21:13 - 0000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2012-01-08 21:13 - 2012-01-08 21:13 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-01-08 21:11 - 2012-01-08 21:11 - 0000000 ____D C:\Program Files\CCleaner
2012-01-08 20:42 - 2012-01-08 20:43 - 10847608 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Desktop\mbam-setup-1.60.0.1800.exe
2012-01-08 19:57 - 2012-01-08 21:05 - 0002730 ____A C:\Windows\SysWOW64\tmp.reg
2012-01-08 19:57 - 2012-01-08 21:05 - 0001365 ___AH C:\Users\Administrator\AppData\Roaming\GetValue.vbs
2012-01-08 19:57 - 2012-01-08 21:05 - 0000000 ____A C:\Windows\SysWOW64\tmp.txt
2012-01-08 19:57 - 2012-01-08 19:57 - 0000035 ____A C:\Users\Administrator\AppData\Roaming\SetValue.bat
2012-01-08 19:44 - 2012-01-08 21:05 - 0002071 ___AH C:\rapport.txt
2012-01-08 19:44 - 2009-06-02 11:17 - 0075776 ____A C:\Windows\SysWOW64\WS2Fix.exe
2012-01-08 19:44 - 2008-12-12 01:57 - 0078336 ____A (S!Ri.URZ) C:\Windows\SysWOW64\Agent.OMZ.Fix.exe
2012-01-08 19:44 - 2008-11-29 18:58 - 0082944 ____A (S!Ri.URZ) C:\Windows\SysWOW64\IEDFix.C.exe
2012-01-08 19:44 - 2008-10-01 15:51 - 0087552 ____A (S!Ri.URZ) C:\Windows\SysWOW64\VACFix.exe
2012-01-08 19:44 - 2008-09-20 12:45 - 0080384 ____A (S!Ri.URZ) C:\Windows\SysWOW64\o4Patch.exe
2012-01-08 19:44 - 2008-08-18 12:19 - 0082432 ____A (S!Ri.URZ) C:\Windows\SysWOW64\404Fix.exe
2012-01-08 19:44 - 2008-05-18 21:40 - 0082944 ____A (S!Ri.URZ) C:\Windows\SysWOW64\IEDFix.exe
2012-01-08 19:44 - 2007-09-06 00:22 - 0289144 ____A (S!Ri) C:\Windows\SysWOW64\VCCLSID.exe
2012-01-08 19:44 - 2006-12-01 06:20 - 0079360 ____A (SteelWerX) C:\Windows\SysWOW64\swxcacls.exe
2012-01-08 19:44 - 2006-08-29 19:43 - 0135168 ____A (SteelWerX) C:\Windows\SysWOW64\swreg.exe
2012-01-08 19:44 - 2006-04-27 17:49 - 0288417 ____A (S!Ri) C:\Windows\SysWOW64\SrchSTS.exe
2012-01-08 19:44 - 2006-01-09 10:36 - 0040960 ____A C:\Windows\SysWOW64\swsc.exe
2012-01-08 19:44 - 2004-07-31 18:50 - 0051200 ____A C:\Windows\SysWOW64\dumphive.exe
2012-01-08 19:44 - 2003-06-05 21:13 - 0053248 ____A (http://www.beyondlogic.org) C:\Windows\SysWOW64\Process.exe
2012-01-08 19:13 - 2012-01-08 19:13 - 0000659 ___AH C:\Users\Administrator\Desktop\System Check.lnk
2012-01-08 19:13 - 2012-01-08 19:13 - 0000336 ___AH C:\Users\All Users\kjN9GDvyQPgqh5
2012-01-08 19:13 - 2012-01-08 19:13 - 0000336 ___AH C:\ProgramData\kjN9GDvyQPgqh5
2012-01-08 19:13 - 2012-01-08 19:13 - 0000296 ___AH C:\Users\All Users\~kjN9GDvyQPgqh5
2012-01-08 19:13 - 2012-01-08 19:13 - 0000296 ___AH C:\ProgramData\~kjN9GDvyQPgqh5
2012-01-08 19:13 - 2012-01-08 19:13 - 0000200 ___AH C:\Users\All Users\~kjN9GDvyQPgqh5r
2012-01-08 19:13 - 2012-01-08 19:13 - 0000200 ___AH C:\ProgramData\~kjN9GDvyQPgqh5r
2011-12-25 23:00 - 2011-12-25 23:00 - 0302302 ___AH C:\Users\Administrator\Desktop\whistler2.jpg
2011-12-25 23:00 - 2011-12-25 23:00 - 0001456 ___AH C:\Users\Administrator\AppData\Local\Adobe Save for Web 12.0 Prefs
2011-12-25 22:47 - 2011-12-25 22:47 - 0511231 ___AH C:\Users\Administrator\Desktop\whistler.jpg
2011-12-25 14:12 - 2011-12-25 14:13 - 0000000 ___HD C:\Users\Administrator\HTC Legend filer
2011-12-25 13:32 - 2011-12-25 13:53 - 0000000 ___HD C:\Users\Administrator\HTC Hero filer
2011-12-24 14:48 - 2011-12-24 14:48 - 0000000 ___HD C:\Users\Administrator\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-12-24 14:27 - 2011-12-24 14:27 - 0030272 ___AH C:\Users\Administrator\Documents\AssessmentPresentingGroup.docx
2011-12-24 14:27 - 2011-12-24 14:27 - 0025627 ___AH C:\Users\Administrator\Documents\AssessmentReviewGroup.docx
2011-12-21 09:14 - 2011-12-21 09:14 - 0013023 ___AH C:\Users\Administrator\Downloads\Questions for the Arabic spring.docx
2011-12-20 09:09 - 2011-12-20 09:09 - 0015482 ___AH C:\Users\Administrator\Documents\USA inför seminarie.docx
2011-12-16 15:20 - 2011-12-16 15:41 - 0242193 ___AH C:\Users\Administrator\Documents\Rough Draft thursday efter Ann efter nationella i slutet av dagen.docx
2011-12-16 12:49 - 2011-12-16 12:49 - 0030020 ___AH C:\Users\Administrator\Documents\Rough Draft thursday efter Ann efter nationella.docx
2011-12-16 12:02 - 2011-12-16 12:02 - 0029422 ___AH C:\Users\Administrator\Documents\Rough Draft thursday efter Ann.docx
2011-12-15 14:19 - 2011-12-15 14:19 - 0015464 ___AH C:\Users\Administrator\Documents\Different media sources have different opinions.docx
2011-12-15 14:18 - 2011-12-16 10:57 - 0029405 ___AH C:\Users\Administrator\Documents\Rough Draft thursday.docx
2011-12-15 03:04 - 2011-10-26 06:21 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-12-15 03:03 - 2011-11-04 02:46 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-15 03:03 - 2011-11-04 02:43 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-15 03:03 - 2011-11-04 02:36 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-15 03:03 - 2011-11-04 02:35 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-15 03:03 - 2011-11-04 02:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-15 03:03 - 2011-11-03 23:40 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-12-15 03:03 - 2011-11-03 23:38 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-12-15 03:03 - 2011-11-03 23:32 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-12-15 03:03 - 2011-11-03 23:32 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-12-15 03:03 - 2011-11-03 23:31 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-12-15 03:02 - 2011-11-04 03:38 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-15 03:02 - 2011-11-04 02:59 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-15 03:02 - 2011-11-04 02:53 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-12-15 03:02 - 2011-11-04 02:44 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-12-15 03:02 - 2011-11-04 02:44 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-15 03:02 - 2011-11-04 02:41 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-15 03:02 - 2011-11-04 02:39 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-12-15 03:02 - 2011-11-04 02:30 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-15 03:02 - 2011-11-04 00:02 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-12-15 03:02 - 2011-11-03 23:47 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-12-15 03:02 - 2011-11-03 23:46 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-12-15 03:02 - 2011-11-03 23:40 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-12-15 03:02 - 2011-11-03 23:39 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-12-15 03:02 - 2011-11-03 23:37 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-12-15 03:02 - 2011-11-03 23:34 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-12-15 03:02 - 2011-11-03 23:28 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-12-15 03:01 - 2011-11-24 05:52 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-12-15 03:01 - 2011-10-15 07:31 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-12-15 03:01 - 2011-10-15 06:38 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2011-12-15 03:00 - 2011-11-05 06:32 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-12-15 03:00 - 2011-11-05 05:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2011-12-13 12:15 - 2011-12-13 12:15 - 0014101 ___AH C:\Users\Administrator\Documents\Introduction final essay.docx
2011-12-13 10:26 - 2011-12-13 10:26 - 0014013 ___AH C:\Users\Administrator\Documents\Final Essay.docx
2011-12-12 11:40 - 2011-12-13 09:52 - 0017352 ___AH C:\Users\Administrator\Documents\Annotated list of sources.docx
2011-12-12 09:36 - 2011-12-12 09:36 - 0020320 ___AH C:\Users\Administrator\Documents\Digital media analysis.docx
2011-12-12 09:34 - 2011-12-12 09:34 - 0016594 ___AH C:\Users\Administrator\Downloads\Digital media analysis.docx

============ 3 Months Modified Files and Folders =============

2012-01-10 21:15 - 2012-01-10 21:14 - 0000000 ____D C:\FRST
2012-01-10 21:15 - 2011-09-02 14:36 - 0000000 ___HD C:\Users\Administrator\AppData\Local\PMB Files
2012-01-10 21:14 - 2011-08-08 14:26 - 0000528 ___AH C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-01-10 21:12 - 2012-01-10 21:12 - 1379209 ____A C:\Users\Administrator\Downloads\FRST64.exe
2012-01-10 21:12 - 2011-08-08 14:26 - 0000466 ___AH C:\Windows\Tasks\SystemToolsDailyTest.job
2012-01-10 20:54 - 2012-01-10 20:37 - 0057586 ____A C:\Users\Administrator\Desktop\bootkit_remover_debug_log.txt
2012-01-10 20:39 - 2011-09-05 19:36 - 0001302 ___AH C:\Users\Administrator\Start Menu\Programs\Startup\Skärmurklipp och start för OneNote 2010.lnk
2012-01-10 20:39 - 2011-09-05 19:36 - 0001302 ___AH C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skärmurklipp och start för OneNote 2010.lnk
2012-01-10 20:28 - 2011-09-29 12:16 - 0001036 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1710067825-1136283663-2566881455-500UA.job
2012-01-10 20:15 - 2011-09-02 14:29 - 0000000 ___HD C:\Program Files (x86)\Mozilla Firefox
2012-01-10 20:12 - 2012-01-10 20:12 - 4713472 ____A (AVAST Software) C:\Users\Administrator\Downloads\aswMBR.exe
2012-01-10 19:43 - 2012-01-08 21:18 - 0230157 ____A C:\Windows\WindowsUpdate.log
2012-01-10 18:26 - 2011-10-20 21:03 - 0000960 ___AH C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1710067825-1136283663-2566881455-500UA.job
2012-01-10 18:13 - 2011-08-09 00:00 - 0622356 ____A C:\Windows\System32\perfh01D.dat
2012-01-10 18:13 - 2011-08-09 00:00 - 0122902 ____A C:\Windows\System32\perfc01D.dat
2012-01-10 18:13 - 2009-07-14 06:13 - 1457064 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-10 16:05 - 2012-01-10 16:05 - 0000919 ____A C:\Users\Administrator\Desktop\gmer.log
2012-01-10 15:26 - 2011-10-20 21:03 - 0000938 ___AH C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1710067825-1136283663-2566881455-500Core.job
2012-01-10 15:23 - 2012-01-10 15:23 - 0607260 ____R (Swearware) C:\Users\Administrator\Desktop\dds.scr
2012-01-10 15:23 - 2012-01-10 15:23 - 0302592 ____A C:\Users\Administrator\Desktop\2vspwgjb.exe
2012-01-10 14:28 - 2011-09-29 12:16 - 0000984 ___AH C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1710067825-1136283663-2566881455-500Core.job
2012-01-10 13:59 - 2009-07-14 05:45 - 0021984 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-01-10 13:59 - 2009-07-14 05:45 - 0021984 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-01-10 13:52 - 2012-01-08 21:16 - 0000392 ____A C:\Windows\setupact.log
2012-01-10 13:52 - 2011-08-08 23:02 - 3132542976 __ASH C:\hiberfil.sys
2012-01-10 13:52 - 2009-07-14 06:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-01-10 12:21 - 2012-01-10 12:21 - 0013097 ____A C:\Users\Administrator\Documents\Europeiska Unionen diverse.docx
2012-01-09 23:14 - 2012-01-08 21:13 - 0000000 ____D C:\Users\Administrator\Desktop\Malwarebytes' Anti-Malware
2012-01-09 16:39 - 2011-08-08 14:07 - 0000000 __SHD C:\Recovery
2012-01-09 16:16 - 2009-07-14 06:32 - 0000000 ____D C:\Windows\System32\restore
2012-01-08 22:29 - 2012-01-08 22:28 - 0093782 ____A C:\Windows\ntbtlog.txt
2012-01-08 22:06 - 2011-09-02 18:15 - 0000000 ___HD C:\Users\Administrator\AppData\Roaming\Spotify
2012-01-08 22:02 - 2011-09-02 18:15 - 0000000 ___HD C:\Users\Administrator\AppData\Local\Spotify
2012-01-08 21:16 - 2012-01-08 21:16 - 0000790 ____A C:\Windows\PFRO.log
2012-01-08 21:16 - 2012-01-08 21:16 - 0000000 ____A C:\Windows\setuperr.log
2012-01-08 21:13 - 2012-01-08 21:13 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-01-08 21:13 - 2012-01-08 21:13 - 0000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2012-01-08 21:13 - 2012-01-08 21:13 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-01-08 21:12 - 2011-09-02 18:28 - 0000000 ___HD C:\Users\Administrator\AppData\Roaming\uTorrent
2012-01-08 21:12 - 2011-09-02 18:20 - 0000000 ___HD C:\Users\Administrator\AppData\Roaming\Skype
2012-01-08 21:12 - 2011-08-09 00:01 - 0000000 ___HD C:\Windows\Panther
2012-01-08 21:11 - 2012-01-08 21:11 - 0000000 ____D C:\Program Files\CCleaner
2012-01-08 21:05 - 2012-01-08 19:57 - 0002730 ____A C:\Windows\SysWOW64\tmp.reg
2012-01-08 21:05 - 2012-01-08 19:57 - 0001365 ___AH C:\Users\Administrator\AppData\Roaming\GetValue.vbs
2012-01-08 21:05 - 2012-01-08 19:57 - 0000000 ____A C:\Windows\SysWOW64\tmp.txt
2012-01-08 21:05 - 2012-01-08 19:44 - 0002071 ___AH C:\rapport.txt
2012-01-08 21:05 - 2011-09-07 20:57 - 0001206 ____A C:\Windows\System32\Drivers\etc\hosts
2012-01-08 20:43 - 2012-01-08 20:42 - 10847608 ____A (Malwarebytes Corporation ) C:\Users\Administrator\Desktop\mbam-setup-1.60.0.1800.exe
2012-01-08 20:38 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\NDF
2012-01-08 19:57 - 2012-01-08 19:57 - 0000035 ____A C:\Users\Administrator\AppData\Roaming\SetValue.bat
2012-01-08 19:33 - 2011-09-02 14:36 - 0000000 ___HD C:\Users\All Users\PMB Files
2012-01-08 19:33 - 2011-09-02 14:36 - 0000000 ___HD C:\ProgramData\PMB Files
2012-01-08 19:13 - 2012-01-08 19:13 - 0000659 ___AH C:\Users\Administrator\Desktop\System Check.lnk
2012-01-08 19:13 - 2012-01-08 19:13 - 0000336 ___AH C:\Users\All Users\kjN9GDvyQPgqh5
2012-01-08 19:13 - 2012-01-08 19:13 - 0000336 ___AH C:\ProgramData\kjN9GDvyQPgqh5
2012-01-08 19:13 - 2012-01-08 19:13 - 0000296 ___AH C:\Users\All Users\~kjN9GDvyQPgqh5
2012-01-08 19:13 - 2012-01-08 19:13 - 0000296 ___AH C:\ProgramData\~kjN9GDvyQPgqh5
2012-01-08 19:13 - 2012-01-08 19:13 - 0000200 ___AH C:\Users\All Users\~kjN9GDvyQPgqh5r
2012-01-08 19:13 - 2012-01-08 19:13 - 0000200 ___AH C:\ProgramData\~kjN9GDvyQPgqh5r
2012-01-08 00:30 - 2011-09-29 12:17 - 0002445 ___AH C:\Users\Administrator\Desktop\Google Chrome.lnk
2011-12-25 23:00 - 2011-12-25 23:00 - 0302302 ___AH C:\Users\Administrator\Desktop\whistler2.jpg
2011-12-25 23:00 - 2011-12-25 23:00 - 0001456 ___AH C:\Users\Administrator\AppData\Local\Adobe Save for Web 12.0 Prefs
2011-12-25 22:58 - 2011-09-02 18:04 - 0000000 ___HD C:\Users\Administrator\AppData\Roaming\Adobe
2011-12-25 22:47 - 2011-12-25 22:47 - 0511231 ___AH C:\Users\Administrator\Desktop\whistler.jpg
2011-12-25 14:13 - 2011-12-25 14:12 - 0000000 ___HD C:\Users\Administrator\HTC Legend filer
2011-12-25 14:12 - 2011-08-08 14:07 - 0000000 ___HD C:\users\Administrator
2011-12-25 13:53 - 2011-12-25 13:32 - 0000000 ___HD C:\Users\Administrator\HTC Hero filer
2011-12-25 13:52 - 2011-09-03 17:38 - 0000000 ___HD C:\Users\Administrator\AppData\Roaming\vlc
2011-12-24 14:48 - 2011-12-24 14:48 - 0000000 ___HD C:\Users\Administrator\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-12-24 14:27 - 2011-12-24 14:27 - 0030272 ___AH C:\Users\Administrator\Documents\AssessmentPresentingGroup.docx
2011-12-24 14:27 - 2011-12-24 14:27 - 0025627 ___AH C:\Users\Administrator\Documents\AssessmentReviewGroup.docx
2011-12-21 09:14 - 2011-12-21 09:14 - 0013023 ___AH C:\Users\Administrator\Downloads\Questions for the Arabic spring.docx
2011-12-20 09:09 - 2011-12-20 09:09 - 0015482 ___AH C:\Users\Administrator\Documents\USA inför seminarie.docx
2011-12-16 15:41 - 2011-12-16 15:20 - 0242193 ___AH C:\Users\Administrator\Documents\Rough Draft thursday efter Ann efter nationella i slutet av dagen.docx
2011-12-16 12:49 - 2011-12-16 12:49 - 0030020 ___AH C:\Users\Administrator\Documents\Rough Draft thursday efter Ann efter nationella.docx
2011-12-16 12:02 - 2011-12-16 12:02 - 0029422 ___AH C:\Users\Administrator\Documents\Rough Draft thursday efter Ann.docx
2011-12-16 10:57 - 2011-12-15 14:18 - 0029405 ___AH C:\Users\Administrator\Documents\Rough Draft thursday.docx
2011-12-15 14:19 - 2011-12-15 14:19 - 0015464 ___AH C:\Users\Administrator\Documents\Different media sources have different opinions.docx
2011-12-15 13:12 - 2011-08-08 14:26 - 0000000 ___HD C:\Users\All Users\Microsoft Help
2011-12-15 13:12 - 2011-08-08 14:26 - 0000000 ___HD C:\ProgramData\Microsoft Help
2011-12-15 04:03 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\rescache
2011-12-15 03:25 - 2009-07-14 05:45 - 4968776 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-15 03:05 - 2011-08-08 14:14 - 54867776 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-12-15 03:01 - 2009-07-14 04:20 - 0000000 ___HD C:\Windows\SysWOW64\sv-SE
2011-12-15 03:01 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\sv-SE
2011-12-13 12:15 - 2011-12-13 12:15 - 0014101 ___AH C:\Users\Administrator\Documents\Introduction final essay.docx
2011-12-13 10:26 - 2011-12-13 10:26 - 0014013 ___AH C:\Users\Administrator\Documents\Final Essay.docx
2011-12-13 09:52 - 2011-12-12 11:40 - 0017352 ___AH C:\Users\Administrator\Documents\Annotated list of sources.docx
2011-12-12 09:36 - 2011-12-12 09:36 - 0020320 ___AH C:\Users\Administrator\Documents\Digital media analysis.docx
2011-12-12 09:34 - 2011-12-12 09:34 - 0016594 ___AH C:\Users\Administrator\Downloads\Digital media analysis.docx
2011-12-12 09:04 - 2011-09-06 10:40 - 0000000 ___HD C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2011-12-09 01:09 - 2011-12-09 00:16 - 0019129 ___AH C:\Users\Administrator\Documents\Analysis of The Graduate.docx
2011-12-08 18:12 - 2011-12-08 18:12 - 0020566 ___AH C:\Users\Administrator\Downloads\homework assignment of film and lyrics analysis.docx
2011-12-08 09:30 - 2011-09-06 12:31 - 1474930 ___AH C:\Windows\SysWOW64\PerfStringBackup.INI
2011-12-06 14:53 - 2011-09-02 18:19 - 0000000 __RHD C:\Program Files (x86)\Skype
2011-12-06 14:53 - 2011-09-02 18:19 - 0000000 ___HD C:\Users\All Users\Skype
2011-12-06 14:53 - 2011-09-02 18:19 - 0000000 ___HD C:\ProgramData\Skype
2011-12-02 12:54 - 2011-12-02 12:42 - 0029304 ___AH C:\Users\Administrator\Documents\USA ebbas och emils del.docx
2011-12-02 12:41 - 2011-12-02 12:41 - 0029189 ___AH C:\Users\Administrator\Downloads\USA ebbas och emils del.docx
2011-12-02 12:06 - 2011-12-02 12:06 - 0025490 ___AH C:\Users\Administrator\Documents\USA emils bba del.docx
2011-12-01 12:51 - 2011-12-01 12:51 - 0030892 ___AH C:\Users\Administrator\Downloads\USA ebbas del.docx
2011-12-01 12:35 - 2011-12-01 12:35 - 0031014 ___AH C:\Users\Administrator\Downloads\USA.docx
2011-12-01 11:17 - 2011-12-01 11:17 - 0035888 ___AH C:\Users\Administrator\Documents\Idrottsprov ps.docx
2011-12-01 10:59 - 2011-09-02 18:15 - 0000000 ___HD C:\Program Files (x86)\Spotify
2011-11-30 15:01 - 2009-07-14 04:18 - 0000000 __SHD C:\$Recycle.Bin
2011-11-30 11:10 - 2011-11-30 11:10 - 0015181 ___AH C:\Users\Administrator\Documents\Sourcing.docx
2011-11-30 08:33 - 2011-11-29 22:43 - 0000000 ___HD C:\Users\All Users\CPA_VA
2011-11-30 08:33 - 2011-11-29 22:43 - 0000000 ___HD C:\ProgramData\CPA_VA
2011-11-29 22:41 - 2011-09-06 12:59 - 0000000 ___HD C:\Users\Public\Documents\COMODO
2011-11-29 12:17 - 2011-11-29 12:16 - 0025490 ___AH C:\Users\Administrator\Documents\USA emils del.docx
2011-11-29 12:03 - 2011-11-22 10:21 - 0025237 ___AH C:\Users\Administrator\Documents\USA med 2 o 3.docx
2011-11-29 10:22 - 2011-11-29 10:22 - 0016296 ___AH C:\Users\Administrator\Downloads\Jämförande Politik Uppsats.docx
2011-11-27 23:18 - 2011-11-27 23:18 - 0031232 ___AH C:\Users\Administrator\Documents\Tränarräkning.xls
2011-11-25 11:14 - 2011-11-25 11:14 - 0013746 ___AH C:\Users\Administrator\Documents\Dikt maskrosen.docx
2011-11-24 05:52 - 2011-12-15 03:01 - 3145216 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-22 10:10 - 2011-11-22 10:10 - 0000162 ___AH C:\Users\Administrator\Documents\~$A Fakta.docx
2011-11-21 14:53 - 2011-09-02 18:04 - 0414368 ___AH (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-11-18 14:52 - 2011-08-09 07:20 - 0000000 ___HD C:\Program Files (x86)\Microsoft Silverlight
2011-11-18 11:13 - 2011-11-18 11:13 - 0013674 ___AH C:\Users\Administrator\Documents\Kärlek.docx
2011-11-18 08:49 - 2011-11-18 08:49 - 0018059 ___AH C:\Users\Administrator\Documents\Bokanalys av Emil E.docx
2011-11-18 08:28 - 2011-10-20 21:03 - 0000000 ___HD C:\Users\Administrator\AppData\Local\Facebook
2011-11-15 12:22 - 2011-11-15 12:07 - 0016357 ___AH C:\Users\Administrator\Documents\USA Fakta.docx
2011-11-14 14:54 - 2011-08-08 14:26 - 0000000 ___HD C:\Users\All Users\PCDr
2011-11-14 14:54 - 2011-08-08 14:26 - 0000000 ___HD C:\ProgramData\PCDr
2011-11-14 14:53 - 2011-11-14 14:53 - 0000000 ____D C:\Windows\System32\Macromed
2011-11-11 09:34 - 2011-11-02 18:07 - 0000000 ___HD C:\Users\Administrator\Documents\StarCraft II
2011-11-11 09:34 - 2011-11-02 18:07 - 0000000 ___HD C:\Program Files (x86)\StarCraft II
2011-11-11 09:27 - 2011-11-11 09:23 - 0000000 ___HD C:\Program Files (x86)\Mobile Partner
2011-11-10 20:39 - 2009-07-14 04:20 - 0000000 ___HD C:\Program Files\Common Files\System
2011-11-09 17:55 - 2011-11-09 17:55 - 0036756 ___AH C:\Users\Administrator\Downloads\How I Met Your Mother - 07x09 - Disaster Averted.LOL.French.C.updated.Addic7ed.com.srt
2011-11-09 12:54 - 2011-11-09 00:01 - 0017218 ___AH C:\Users\Administrator\Documents\The Bahamas.docx
2011-11-09 00:01 - 2011-11-09 00:01 - 8365966 ___AH C:\Users\Administrator\Documents\Bahamas PP.pptx
2011-11-08 11:40 - 2011-11-08 11:40 - 0000500 ___AH C:\Users\Administrator\Documents\Houseofrisingsun.tef
2011-11-08 11:40 - 2011-11-03 18:04 - 0000103 ___AH C:\Users\Administrator\Documents\TEtmp.rcl
2011-11-08 11:40 - 2011-11-03 17:29 - 0002092 ___AH C:\Windows\tabled32.ini
2011-11-07 15:58 - 2011-11-07 15:58 - 0020183 ___AH C:\Users\Administrator\Documents\colgando en tus manos.docx
2011-11-07 15:15 - 2011-11-07 15:15 - 0493520 ___AH (Facebook Inc.) C:\Users\Administrator\Downloads\FacebookVideoCallSetup_v1.2.203.0(4).exe
2011-11-05 06:32 - 2011-12-15 03:00 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-11-05 05:26 - 2011-12-15 03:00 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2011-11-04 03:38 - 2011-12-15 03:02 - 17786368 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-11-04 02:59 - 2011-12-15 03:02 - 10886656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-11-04 02:53 - 2011-12-15 03:02 - 2309120 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-11-04 02:46 - 2011-12-15 03:03 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-11-04 02:44 - 2011-12-15 03:02 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-11-04 02:44 - 2011-12-15 03:02 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-11-04 02:43 - 2011-12-15 03:03 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-11-04 02:41 - 2011-12-15 03:02 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-11-04 02:39 - 2011-12-15 03:02 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-11-04 02:36 - 2011-12-15 03:03 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-11-04 02:35 - 2011-12-15 03:03 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-11-04 02:34 - 2011-12-15 03:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-11-04 02:30 - 2011-12-15 03:02 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-11-04 00:02 - 2011-12-15 03:02 - 12279808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-11-03 23:47 - 2011-12-15 03:02 - 1798144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2011-11-03 23:46 - 2011-12-15 03:02 - 9705472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-11-03 23:40 - 2011-12-15 03:03 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-11-03 23:40 - 2011-12-15 03:02 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2011-11-03 23:39 - 2011-12-15 03:02 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-11-03 23:38 - 2011-12-15 03:03 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-11-03 23:37 - 2011-12-15 03:02 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-11-03 23:34 - 2011-12-15 03:02 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2011-11-03 23:32 - 2011-12-15 03:03 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-11-03 23:32 - 2011-12-15 03:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-11-03 23:31 - 2011-12-15 03:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-11-03 23:28 - 2011-12-15 03:02 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-11-03 18:46 - 2011-09-04 14:42 - 0000000 ___HD C:\Users\Administrator\riotsGamesLogs
2011-11-03 18:04 - 2011-11-03 18:04 - 0000980 ___AH C:\Users\Administrator\Documents\Emils tab.tef
2011-11-03 17:53 - 2011-11-03 17:53 - 0001744 ___AH C:\Users\Administrator\Documents\Radical Monkey.txt
2011-11-03 17:43 - 2011-11-03 17:43 - 0003960 ___AH C:\Users\Administrator\Documents\Emils visa.txt
2011-11-03 17:43 - 2011-11-03 17:39 - 0003960 ___AH C:\Users\Administrator\Documents\The song.abc
2011-11-03 17:39 - 2011-11-03 17:39 - 0001252 ___AH C:\Users\Administrator\Documents\The real song Midi.mid
2011-11-03 17:29 - 2011-08-08 14:32 - 0109608 ___AH C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2011-11-03 17:28 - 2011-11-03 17:28 - 0621392 ___AH (TablEdit ) C:\Users\Administrator\Downloads\tabled32.exe
2011-11-03 17:28 - 2011-11-03 17:28 - 0000949 ___AH C:\Users\Administrator\Desktop\TablEdit.lnk
2011-11-03 17:28 - 2011-11-03 17:28 - 0000000 ___HD C:\Program Files (x86)\TablEdit
2011-11-03 17:23 - 2011-11-03 17:16 - 0000000 ___HD C:\Users\Administrator\.yawcam
2011-11-03 17:16 - 2011-11-03 17:16 - 0001869 ___AH C:\Users\Administrator\Desktop\Yawcam.lnk
2011-11-03 17:16 - 2011-11-03 17:16 - 0000000 ___HD C:\Program Files (x86)\Yawcam
2011-11-03 17:14 - 2011-11-03 17:14 - 4491651 ___AH (Magnus Lundvall ) C:\Users\Administrator\Downloads\yawcam_install.exe
2011-11-02 19:44 - 2011-11-02 18:07 - 0000000 ___HD C:\Users\All Users\Blizzard Entertainment
2011-11-02 19:44 - 2011-11-02 18:07 - 0000000 ___HD C:\ProgramData\Blizzard Entertainment
2011-11-02 15:34 - 2011-11-01 22:50 - 0000000 ___HD C:\Users\Administrator\SC2-WingsOfLiberty-enGB-Installer
2011-11-01 22:50 - 2011-11-01 22:50 - 3223726 ___AH (Blizzard Entertainment) C:\Users\Administrator\Downloads\StarCraft_2_EU_en-GB.exe
2011-10-28 09:39 - 2011-10-28 08:37 - 0018942 ___AH C:\Users\Administrator\Documents\Passa in eller sticka ut.docx
2011-10-28 07:34 - 2011-08-08 14:08 - 0000174 ___SH C:\Users\Administrator\Start Menu\Programs\Startup\desktop.ini
2011-10-28 07:34 - 2011-08-08 14:08 - 0000174 ___SH C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-10-26 11:56 - 2009-07-14 06:08 - 0032636 ___AH C:\Windows\Tasks\SCHEDLGU.TXT
2011-10-26 10:14 - 2011-10-26 10:14 - 0017260 ___AH C:\Users\Administrator\Documents\The Pink Umbella edited.docx
2011-10-26 06:21 - 2011-12-15 03:04 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-10-25 10:25 - 2011-10-11 11:25 - 0068539 ___AH C:\Users\Administrator\Documents\Sveriges styrelsesätt.pptx
2011-10-22 00:02 - 2011-10-22 00:02 - 2182024 ___AH C:\Users\Administrator\Downloads\DSC_4757.jpg
2011-10-21 23:31 - 2011-10-21 23:31 - 7426206 ___AH C:\Users\Administrator\Downloads\DSC_3913.jpg
2011-10-21 23:24 - 2011-10-21 23:24 - 0252043 ___AH C:\Users\Administrator\Downloads\6241411749_aa0a2070f6_b.jpg
2011-10-21 07:53 - 2011-10-21 07:53 - 0493520 ___AH (Facebook Inc.) C:\Users\Administrator\Downloads\FacebookVideoCallSetup_v1.2.203.0(3).exe
2011-10-21 07:46 - 2011-10-21 07:46 - 0493520 ___AH (Facebook Inc.) C:\Users\Administrator\Downloads\FacebookVideoCallSetup_v1.2.203.0(2).exe
2011-10-20 21:32 - 2011-10-20 21:32 - 0493520 ___AH (Facebook Inc.) C:\Users\Administrator\Downloads\FacebookVideoCallSetup_v1.2.203.0 (5).exe
2011-10-20 21:32 - 2011-10-20 21:32 - 0493520 ___AH (Facebook Inc.) C:\Users\Administrator\Downloads\FacebookVideoCallSetup_v1.2.203.0 (4).exe
2011-10-20 21:10 - 2011-10-20 21:10 - 0493520 ___AH (Facebook Inc.) C:\Users\Administrator\Downloads\FacebookVideoCallSetup_v1.2.203.0 (3).exe
2011-10-20 21:09 - 2011-10-20 21:09 - 0493520 ___AH (Facebook Inc.) C:\Users\Administrator\Downloads\FacebookVideoCallSetup_v1.2.203.0 (2).exe
2011-10-20 21:08 - 2011-10-20 21:08 - 0493520 ___AH (Facebook Inc.) C:\Users\Administrator\Downloads\FacebookVideoCallSetup_v1.2.203.0 (1).exe
2011-10-20 21:03 - 2011-10-20 21:03 - 0493520 ___AH (Facebook Inc.) C:\Users\Administrator\Downloads\FacebookVideoCallSetup_v1.2.203.0(1).exe
2011-10-20 21:02 - 2011-10-20 21:02 - 0493520 ___AH (Facebook Inc.) C:\Users\Administrator\Downloads\FacebookVideoCallSetup_v1.2.203.0.exe
2011-10-15 07:31 - 2011-12-15 03:01 - 0723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-10-15 06:38 - 2011-12-15 03:01 - 0534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2011-10-13 14:13 - 2011-10-13 14:13 - 0273510 ___AH C:\Users\Administrator\Downloads\285957_10150262238244370_673164369_7925424_3913960_o.jpg

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 51%
Total physical RAM: 3983.23 MB
Available physical RAM: 1926.71 MB
Total Pagefile: 7964.66 MB
Available Pagefile: 5770.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

======================= Partitions =========================

1 Drive c: (OSDisk) (Fixed) (Total:297.79 GB) (Free:239.38 GB) NTFS

Disk nr Status Storlek Ledigt Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk nr 0 Online 298 G B 0 B

DiskPart avslutas...

Partitions of Disk Disk nr Status Storlek Ledigt Dyn Gpt:
===============

Argumenten som angetts för kommandot är inte giltiga.
Om du vill ha mer information om kommandot skriver du: HELP SELECT DISK

Ingen disk har valts.

Partitions of Disk Disk nr 0 Online 298 G B 0 B :
===============

Argumenten som angetts för kommandot är inte giltiga.
Om du vill ha mer information om kommandot skriver du: HELP SELECT DISK

Ingen disk har valts.
==========================================================

Last Boot: 2012-01-10 14:12

======================= End Of Log ==========================
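The FRST list above is mostly ordinary user files (downloads, documents, desktop shortcuts, Program Files folders) carrying the hidden attribute (`___AH`, `___HD`), which matches the "all files are hidden" symptom the System Check rogue produces. The following is an added example, not part of the thread or of FRST: a small parser for that "modified - created - size attrs (company) path" line layout, with a rule that flags hidden entries that lack the system bit and live outside C:\Windows. The sample lines are copied from the log above; the legitimate-hidden-name list and the root-folder summary are my own assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: six lines in FRST's one-month-modified layout,
# taken from the log above (modified - created - size attrs (company) path).
SAMPLE_LOG = r"""
2011-11-03 17:28 - 2011-11-03 17:28 - 0621392 ___AH (TablEdit ) C:\Users\Administrator\Downloads\tabled32.exe
2011-11-03 17:28 - 2011-11-03 17:28 - 0000000 ___HD C:\Program Files (x86)\TablEdit
2011-10-28 09:39 - 2011-10-28 08:37 - 0018942 ___AH C:\Users\Administrator\Documents\Passa in eller sticka ut.docx
2011-10-28 07:34 - 2011-08-08 14:08 - 0000174 ___SH C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-10-26 06:21 - 2011-12-15 03:04 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-10-22 00:02 - 2011-10-22 00:02 - 2182024 ___AH C:\Users\Administrator\Downloads\DSC_4757.jpg
"""

# One FRST line: two timestamps, a zero-padded size, an attribute field such as
# ___AH, an optional "(company)" block, then the path (which may contain spaces).
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]+) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)

# Names that are normally hidden on a clean Windows install (assumed list).
LEGIT_HIDDEN_NAMES = {"desktop.ini", "thumbs.db", "ntuser.dat", "ntuser.ini"}


@dataclass
class Entry:
    modified: str
    created: str
    size: int
    attrs: str
    company: Optional[str]
    path: str

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def system(self) -> bool:
        return "S" in self.attrs

    @property
    def directory(self) -> bool:
        return "D" in self.attrs


def parse_frst_lines(text: str) -> List[Entry]:
    """Parse every line that matches the FRST layout; silently skip the rest."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["modified"], m["created"], int(m["size"]),
                                 m["attrs"], m["company"], m["path"]))
    return entries


def find_suspicious_hidden(entries: List[Entry]) -> List[Entry]:
    """Hidden entries without the system bit, outside C:\\Windows, not a known hidden name.

    Ordinary documents, downloads and Program Files folders should never carry
    the hidden attribute on their own; a whole batch of them is the rogue's work.
    """
    flagged = []
    for e in entries:
        name = e.path.rsplit("\\", 1)[-1].lower()
        if not e.hidden or e.system or name in LEGIT_HIDDEN_NAMES:
            continue
        if e.path.lower().startswith("c:\\windows"):
            continue
        flagged.append(e)
    return flagged


def summarize_by_root(flagged: List[Entry]) -> dict:
    """Count flagged entries per top-level folder, e.g. C:\\Users."""
    counts = Counter()
    for e in flagged:
        parts = e.path.split("\\")
        counts["\\".join(parts[:2])] += 1
    return dict(counts)


if __name__ == "__main__":
    hits = find_suspicious_hidden(parse_frst_lines(SAMPLE_LOG))
    for e in hits:
        print(f"{e.attrs}  {'dir ' if e.directory else 'file'}  {e.path}")
    print(summarize_by_root(hits))
```

The rule deliberately keeps `___SH` entries (desktop.ini carries system+hidden legitimately) and anything under C:\Windows out of the result, so what remains is the set of user-visible files the rogue hid; on a real log that list is also what you would later run `attrib -h` over, one folder at a time, once the infection itself is gone.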
 
That looks good.

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.
 
When the system rebooted, the TDSS Tool said "***Infected MBR detected"
It has an option to "Repair" or "Close". I haven't chosen any and the window is still open while I wait for your response. Additionally, Microsoft Security Essentials popped up saying "1 potential threat found". I didn't choose to "Fix now", I just left it.
What should I do? Very thankful for your help.
 
Click "Repair".
Disregard MSE warning as I don't know what it says.
Restart and post new Bootkit Remover log.
 
Okay, some things happened now. First, while I was waiting for a response, I had a bluescreen. I didn't get the chance to click repair. Upon rebooting, the internet connection doesn't work (it says network connection missing. I'm using wireless.) When I saw your reply on my other computer, I ran the Fix TDSS again, although this time when rebooting, it says "Suspicious use of kernel callback but MBR appears intact. Repair not done. No infections were found"

I ran the bootkit remover again, and unfortunately I can't post the log since I don't have any internet connection, but it appears to say exactly the same thing as last time I ran it.
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I downloaded ComboFix to my other computer and copied it to my laptop (infected one) and ran the program. It worked and started scanning, but just as the result came up, it crashed and a bluescreen appeared, and the computer rebooted. I don't know if any logs were saved. What should I do? Oh, and I did as told, I deactivated the anti-virus programs before starting.
 
I re-ran it from safe mode, and it worked. I received a log, which I will post here. I should also mention that when I started the computer in normal mode again, all the hidden files were back.

ComboFix 12-01-10.02 - Administrator 2012-01-10 23:58:53.2.4 - x64 MINIMAL
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.46.1033.18.3983.2919 [GMT 1:00]
Körs från: c:\users\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Skapade en ny återställningspunkt
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Administrator\Desktop\System Check.lnk
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\Agent.OMZ.Fix.exe
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\Process.exe
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe
.
.
(((((((((((((((((((((((( Filer skapade från 2011-12-10 till 2012-01-10 ))))))))))))))))))))))))))))))
.
.
2012-01-10 23:34 . 2012-01-10 23:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-10 22:48 . 2012-01-10 22:48 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4CFAAFD-E7F6-43E2-AF5E-C9074FBDCFF8}\offreg.dll
2012-01-10 20:14 . 2012-01-10 20:16 -------- d-----w- C:\FRST
2012-01-10 15:05 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4CFAAFD-E7F6-43E2-AF5E-C9074FBDCFF8}\mpengine.dll
2012-01-08 20:13 . 2012-01-08 20:13 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-01-08 20:13 . 2012-01-08 20:13 -------- d-----w- c:\programdata\Malwarebytes
2012-01-08 20:11 . 2012-01-08 20:11 -------- d-----w- c:\program files\CCleaner
2012-01-08 18:57 . 2012-01-08 20:05 1365 ---ha-w- c:\users\Administrator\AppData\Roaming\GetValue.vbs
2012-01-08 18:57 . 2012-01-08 18:57 35 ----a-w- c:\users\Administrator\AppData\Roaming\SetValue.bat
2011-12-25 13:12 . 2011-12-25 13:13 -------- d--h--w- c:\users\Administrator\HTC Legend filer
2011-12-25 12:32 . 2011-12-25 12:53 -------- d--h--w- c:\users\Administrator\HTC Hero filer
2011-12-24 13:48 . 2011-12-24 13:48 -------- d--h--w- c:\users\Administrator\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-12-15 02:04 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 02:01 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 02:01 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 02:01 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 02:00 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 02:00 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 13:53 . 2011-09-02 17:04 414368 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-21 11:40 . 2011-09-07 11:48 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-19 15:38 . 2011-09-08 21:38 94080 ---ha-w- c:\program files (x86)\Install Lightroom 3.exe
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-02 3077528]
"Facebook Update"="c:\users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-07 137536]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-07-04 1605992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"TSMResident"="c:\program files (x86)\ThinkPad\Tablettmeny\TSMRESIDENT.EXE" [2011-05-09 484856]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
Skärmurklipp och start för OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
R2 ASRSVC;ASR Service;c:\program files (x86)\ThinkPad\Tablettmeny\ASR\ASRSVC.exe [2010-10-27 79136]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-04-04 45496]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-07-04 148840]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
R2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-03-02 443240]
R2 TabletSVC;TABLET Service;c:\program files (x86)\ThinkPad\Tablettmeny\TSMService.exe [2011-05-18 83440]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-04-20 144232]
R2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-03-29 64952]
R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-07-04 477032]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft - nätverkskontroll;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2011-06-27 25584]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-07-04 83304]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub; [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-01-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1710067825-1136283663-2566881455-500Core.job
- c:\users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-20 14:21]
.
2012-01-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1710067825-1136283663-2566881455-500UA.job
- c:\users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-20 14:21]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1710067825-1136283663-2566881455-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 11:16]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1710067825-1136283663-2566881455-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 11:16]
.
2012-01-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2012-01-10 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-04-14 31592]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-05-25 281960]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-14 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 9048392]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://home.vrg.se
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\44rgjj9n.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - facebook.com
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_USERS\S-1-5-21-1710067825-1136283663-2566881455-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,ca,
00,9a,bb,ea,08,b1,9f,bd,17,8d,6c,fb,d9
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2e,90,
6a,f2,63,4b,07,a3,f0,4c,fc,1c,7a,e5,64
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,cb,25,
88,35,1f,d6,00,9a,c5,16,24,77,4a,25,dc
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b7,e6,
ac,16,5d,30,03,ae,2b,05,f3,01,cc,44,e5
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,05,41,
32,c1,08,0c,0c,bc,aa,88,e9,66,6c,04,8b
.
[HKEY_USERS\S-1-5-21-1710067825-1136283663-2566881455-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:e8,c5,dd,da,72,69,cc,01
.
[HKEY_USERS\S-1-5-21-1710067825-1136283663-2566881455-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,cd,29,60,03,3f,d3,45,b4,90,d4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,cd,29,60,03,3f,d3,45,b4,90,d4,\
.
[HKEY_USERS\S-1-5-21-1710067825-1136283663-2566881455-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1710067825-1136283663-2566881455-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1710067825-1136283663-2566881455-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-1710067825-1136283663-2566881455-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1710067825-1136283663-2566881455-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1710067825-1136283663-2566881455-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Sluttid: 2012-01-11 00:59:19
ComboFix-quarantined-files.txt 2012-01-10 23:59
.
Före genomsökningen: 256*131*993*600 byte ledigt
Efter genomsökningen: 255*799*685*120 byte ledigt
.
- - End Of File - - C5757D201A4E7C2A6E357C3869677713
 
Looks good.

How is computer doing?

Make sure you're in normal mode.
See if you can update and run MBAM.
Post the log.

Post new Bootkit Remover log.
 
Hi! The computer is doing much better. After restarting the computer after the TDSS scan, all the hidden files are back. Thanks a lot for the help :)

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Databasversion: v2012.01.11.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: SR9EPGOY [administratör]

2012-01-11 18:51:22
mbam-log-2012-01-11 (18-51-22).txt

Skanningstyp: Snabbskanning
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 183952
Förfluten tid: 4 minut(er), 14 sekund(er)

Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 0
(Inga skadliga poster hittades)

Upptäckta registervärden: 0
(Inga skadliga poster hittades)

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 0
(Inga skadliga poster hittades)

Upptäckta filer: 0
(Inga skadliga poster hittades)

(klar)

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Enterprise Edition Service Pack 1 (build 7601),
64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
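The Bootkit Remover output above reports the MBR of \\.\PhysicalDrive0 as "Controlled by rootkit!" and offers a `dump` command for manual inspection. As an added example, not part of this thread or of Esage Lab's tool, here is what a defender can do with such a 512-byte dump offline: confirm the 0x55AA boot signature, decode the four partition-table entries, and compare a SHA-256 of the 440-byte boot-code area with a baseline taken from a known-clean image of the same machine. The MBR bytes are constructed (a placeholder byte pattern stands in for real boot code); the single NTFS partition is placed at LBA 2048, which is the 0x00100000-byte offset the log shows for C:, and the baseline hash is simply computed from the clean sample.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # bytes 0..439 hold the boot loader code
DISK_SIG_OFF = 440             # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446           # four 16-byte partition entries
SIGNATURE = b"\x55\xAA"        # bytes 510..511
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr() -> bytes:
    """Constructed sample MBR: placeholder bytes where real boot code would be."""
    boot_code = bytes((i * 7) & 0xFF for i in range(BOOT_CODE_LEN))
    disk_sig = struct.pack("<I", 0x1234ABCD)          # constructed disk signature
    reserved = b"\x00\x00"
    # One bootable (0x80) NTFS (0x07) partition starting at LBA 2048 = 0x100000 / 512.
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff",
                        2048, 624_488_448)            # sector count is constructed
    table = entry + b"\x00" * 48                      # remaining three entries empty
    return boot_code + disk_sig + reserved + table + SIGNATURE


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the boot-code area only, so partition edits do not change it."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_mbr(mbr: bytes) -> dict:
    """Decode signature, disk signature and non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0 and lba == 0 and count == 0:
            continue                                  # unused slot
        partitions.append({"index": i, "active": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": mbr[510:512] == SIGNATURE,
        "disk_signature": struct.unpack("<I", mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": partitions,
        "boot_code_sha256": boot_code_hash(mbr),
    }


def check_mbr(mbr: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means the dump matches expectations."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code hash differs from baseline")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    return findings


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = boot_code_hash(clean)            # recorded from the known-good image
    print("clean dump:", parse_mbr(clean)["partitions"], check_mbr(clean, baseline))
    altered = bytearray(clean)
    altered[0] ^= 0xFF                          # one byte of boot code changed
    print("altered dump:", check_mbr(bytes(altered), baseline))
```

The hash covers only the first 440 bytes because the disk signature and partition table legitimately differ between machines and change when volumes are resized; the boot code does not, so a mismatch against the baseline for the same OS build is the part worth escalating. Note that the tool's "Controlled by rootkit!" verdict is about a discrepancy between what the disk driver returns and what is actually on the platter, which an offline dump comparison like this one can confirm but a read through an infected system cannot.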
 
Good :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL Extras logfile created on: 1/11/2012 7:22:35 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Sweden | Language: SVE | Date Format: yyyy-MM-dd

3.89 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 58.03% Memory free
7.78 Gb Paging File | 5.96 Gb Available in Paging File | 76.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.79 Gb Total Space | 238.39 Gb Free Space | 80.05% Space Free | Partition Type: NTFS

Computer Name: SR9EPGOY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1710067825-1136283663-2566881455-500\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Programvaran Intel(R) PROSet för trådlösa WiFi-anslutningar
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Aktivt skyddssystem
"{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}" = ThinkVantage Fingerprint Software
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{8BBA6F77-4A79-4E90-BD82-E24669ACF221}" = Adobe Photoshop Lightroom 3.4.1 64-bit
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-002A-041D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Swedish) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client SV-SE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{F8D02DBB-9B81-4192-9E85-219AD0447920}" = Microsoft Antimalware Service SV-SE Language Pack
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft Security Client" = Microsoft Security Essentials
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav-guiden
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26903C89-780A-463E-8CBD-E47A73927254}" = ThinkPad Tablet Button Driver
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.3.6
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7D723ADD-8EE7-40A2-90A0-F8B29FE5026B}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-041D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Swedish) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-041D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Swedish) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-041D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Swedish) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-041D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Swedish) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-041D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Swedish) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-041D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Swedish) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-041D-0000-0000000FF1CE}" = Microsoft Office Proofing (Swedish) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-041D-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Swedish) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-041D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Swedish) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-041D-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Swedish) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-041D-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Swedish) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{91A29166-4E1B-4664-B70B-4C4A3B6B3372}" = Lenovo Screen Reading Optimizer
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9a2db59f-091a-40b4-958d-1c8264624126}" = ThinkPad Tablettmeny
"{9D3D2C60-A55F-4fed-B2B9-17311226DF01}" = ThinkPad Wireless LAN Adapter Software
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C6D4B05A-EA7E-1027-80EF-C925E740E99C}" = Intel(R) Identity Protection Technology 1.0.74.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energispararen
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Age of EMpires 2" = Age of Empires 2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"COMODO GeekBuddy" = COMODO GeekBuddy
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PokerStars" = PokerStars
"ProInst" = Intel PROSet Wireless
"Spotify" = Spotify
"StarCraft II" = StarCraft II
"TablEdit_is1" = TablEdit 2.71
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.2
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Zatacka_is1" = Zatacka 0.1.7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1710067825-1136283663-2566881455-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/10/2012 6:25:09 PM | Computer Name = SR9EPGOY | Source = WinMgmt | ID = 10
Description =

Error - 1/10/2012 6:47:58 PM | Computer Name = SR9EPGOY | Source = WinMgmt | ID = 10
Description =

Error - 1/10/2012 6:50:37 PM | Computer Name = SR9EPGOY | Source = WinMgmt | ID = 10
Description =

Error - 1/10/2012 6:53:51 PM | Computer Name = SR9EPGOY | Source = VSS | ID = 18
Description =

Error - 1/10/2012 6:53:51 PM | Computer Name = SR9EPGOY | Source = VSS | ID = 8193
Description =

Error - 1/10/2012 6:53:51 PM | Computer Name = SR9EPGOY | Source = System Restore | ID = 8193
Description =

Error - 1/11/2012 2:24:43 AM | Computer Name = SR9EPGOY | Source = WinMgmt | ID = 10
Description =

Error - 1/11/2012 8:16:22 AM | Computer Name = SR9EPGOY | Source = WinMgmt | ID = 10
Description =

Error - 1/11/2012 11:59:31 AM | Computer Name = SR9EPGOY | Source = WinMgmt | ID = 10
Description =

Error - 1/11/2012 1:36:11 PM | Computer Name = SR9EPGOY | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 1/2/2012 2:12:43 PM | Computer Name = SR9EPGOY | Source = Microsoft Antimalware | ID = 3002
Description = %%860-funktionen för realtidsskydd har stött på ett fel och avslutats.

Funktion:
%%835 Felkod: 0x80004005 Felbeskrivning: Unspecified error Orsak: %%842

Error - 1/3/2012 12:45:32 PM | Computer Name = SR9EPGOY | Source = Service Control Manager | ID = 7026
Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av
fel under start: cdrom

Error - 1/3/2012 12:45:43 PM | Computer Name = SR9EPGOY | Source = Microsoft Antimalware | ID = 3002
Description = %%860-funktionen för realtidsskydd har stött på ett fel och avslutats.

Funktion:
%%835 Felkod: 0x80004005 Felbeskrivning: Unspecified error Orsak: %%842

Error - 1/3/2012 4:31:04 PM | Computer Name = SR9EPGOY | Source = Service Control Manager | ID = 7026
Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av
fel under start: cdrom

Error - 1/3/2012 4:43:38 PM | Computer Name = SR9EPGOY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 stötte på ett fel när signaturer skulle uppdateras. Ny signaturversion:
Föregående signaturversion: 1.117.2126.0 Uppdateringskälla: %%859 Uppdateringsskede:
%%853 Källsökväg: http://www.microsoft.com Signaturtyp: %%800 Uppdateringstyp: %%803

Användare:
NT AUTHORITY\SYSTEM Aktuell motorversion: Föregående motorversion: 1.1.7903.0 Felkod:
0x80240022 Felbeskrivning: The program can't check for definition updates.

Error - 1/3/2012 4:43:38 PM | Computer Name = SR9EPGOY | Source = Microsoft Antimalware | ID = 2001
Description = %%860 stötte på ett fel när signaturer skulle uppdateras. Ny signaturversion:
Föregående signaturversion: 1.117.2126.0 Uppdateringskälla: %%859 Uppdateringsskede:
%%853 Källsökväg: http://www.microsoft.com Signaturtyp: %%800 Uppdateringstyp: %%803

Användare:
NT AUTHORITY\SYSTEM Aktuell motorversion: Föregående motorversion: 1.1.7903.0 Felkod:
0x80240022 Felbeskrivning: The program can't check for definition updates.

Error - 1/3/2012 4:47:43 PM | Computer Name = SR9EPGOY | Source = bowser | ID = 8003
Description =

Error - 1/6/2012 11:24:48 AM | Computer Name = SR9EPGOY | Source = Service Control Manager | ID = 7026
Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av
fel under start: cdrom

Error - 1/7/2012 6:51:50 PM | Computer Name = SR9EPGOY | Source = Service Control Manager | ID = 7026
Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av
fel under start: cdrom

Error - 1/8/2012 12:37:07 PM | Computer Name = SR9EPGOY | Source = Service Control Manager | ID = 7026
Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av
fel under start: cdrom


< End of report >